The Myth of Infallibility: Correcting Misconceptions
Linux loyalists often claim Linux doesn’t need antivirus software. Humbug, I say! After successfully hardening my system to a respectable 74 percent, I discovered viruses in several of my downloads—a direct result of my carelessness in not checking the checksums. This experience proves that even a well-configured Linux machine isn’t immune to hosting malicious files, which can pose a significant risk to other Windows or macOS devices sharing your network.
So my advice is: harden your system the way you want using sudo lynis audit system, closing holes as you go. Try not to harden too much; things start to break after this. 70 is a good number.
Linux is secure by default, more so than many other systems. But my little virus scare proved that proactive auditing, patching and scanning (especially for those pesky cross-platform threats) are essential parts of good security hygiene.
Don’t assume you’re safe just because we are running Linux. Run your own Lynis audit and set up ClamAV or what you choose today. Stay vigilant, friends.
Key Suggestions I Found Useful
Lynis is verbose, but it points you exactly where you need to look. I used its feedback to make specific changes, such as:
Improving password hashing strength in /etc/login.defs to make my passwords harder to crack
Disabling unused network protocols
My score was 50; after improving the hardening, it went to 74 percent. Things started to fall apart after that figure.
I was brought up to believe that even if you transferred a Windows file with a virus, it could not run on or affect Linux systems, but you can just as easily transfer that file to someone else.
Paul, in response to the question about achieving a Lynis score of 74, stated that Lynis uses a predefined scale to measure security levels. Checksumming algorithms for generating file hashes include MD5, SHA-1, and others. Lynis helped me build and maintain a database of hashes for file systems to verify the integrity of files and detect any unauthorized changes or tampering. This is how I discovered a security breach using EA’s APP in Linux while playing Battlefield games. One example of a virus that uses HTTP caches to hack into an unprotected system is Twinkle httpcache. Another example is the python 3.11 win.Virus.zard.
After switching from 30 years of Windows systems to Linux, I was shocked to learn about the ways in which Microsoft, EA, and Intel had been using hardware drivers as a caching system. It was the audit that discovered all this. Tracing files using Lynis, closing holes, and following the trail led to caching, hashes, and local LAN connections used for directing traffic to specified servers.
I just ran my first scan. Got back “Great No Warning” and a score of 57.
But I also received 53 suggestions! I did not see any ranking as to which suggestion might be more important than others. A ranking of 1, 2, 3 with 1 being the most important would be nice. And 53 actions (for me) is a lot of work for a guy who is comfortable with Linux but in no way has the knowledge of a System Admin.
Yes, it is lots of work, trial and error. The hardest being building the database for the file checksum. It took 8 hours to complete; I have a complex data structure with 10 TB of information. The security benefits outweigh the lack of security. You can start with locking down your GRUB.
Lynis security scan details:
Hardening index : 76 [############### ]
Tests performed : 271
Plugins enabled : 1
I have installed and run that tool, out of curiosity.
Lynis security scan details:
Hardening index : 61 [############ ]
Tests performed : 262
Plugins enabled : 1
So far so good. Reviewing the list of suggestions shows that many of them are rather hypothetical.
Mainly the following:
Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [PHP-2376]
Harden compilers like restricting access to root user only [HRDN-7222]
Install Apache modsecurity to guard webserver against web application attacks [HTTP-6643]
Hey, it’s a developer machine. Life is hard enough; no need to voluntarily add such restrictions.
But some of the other suggestions might be worth considering.
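One way to work through a long list of Lynis suggestions like the ones discussed in the posts above (an added example, not part of any post in this thread): group them by the category prefix of the test ID and drop the categories that do not apply to the host. The `suggestion[]=ID|text|...` report layout, the function names and the sample lines are assumptions, built from the three suggestions quoted above.

```shell
#!/bin/sh
# Triage Lynis suggestions by test-ID prefix (added example, not from the thread).
# Assumption: the report uses lines of the form "suggestion[]=ID|text|details|solution|".

# Constructed sample: the three suggestions quoted in the post above.
sample_report() {
cat <<'EOF'
hardening_index=61
suggestion[]=PHP-2376|Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP|-|-|
suggestion[]=HRDN-7222|Harden compilers like restricting access to root user only|-|-|
suggestion[]=HTTP-6643|Install Apache modsecurity to guard webserver against web application attacks|-|-|
EOF
}

# Print "ID<TAB>text" for every suggestion in the report read from stdin.
list_suggestions() {
    awk -F'|' '/^suggestion\[\]=/ { sub(/^suggestion\[\]=/, "", $1); print $1 "\t" $2 }'
}

# Count suggestions per category (the letters before the dash in the test ID).
count_by_category() {
    list_suggestions | cut -f1 | cut -d- -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Drop categories that do not apply to this host, e.g. skip_categories "PHP HTTP"
# on a machine that serves no web content.
skip_categories() {
    skip=" $1 "
    list_suggestions | while IFS="$(printf '\t')" read -r id text; do
        case "$skip" in
            *" ${id%%-*} "*) ;;                      # category is on the skip list
            *) printf '%s\t%s\n' "$id" "$text" ;;    # keep everything else
        esac
    done
}

# Stand-alone run on the constructed sample.
sample_report | count_by_category
```

On a real system the same functions read the report file on stdin instead of `sample_report`, for example `skip_categories "PHP HTTP" < /var/log/lynis-report.dat` (path assumed to be the default report location).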
As mentioned, this audit will give us a look at what it finds. Some things are good, others are well, if I do that so what. Making things secure is always good. Changing OS all the time is not my bag of ice; I stick with one OS. Knowing that cache is no longer an issue for HTTP intrusions while using Microsoft software in whatever we use is always good in many ways, especially when connected to places like FOSS. This security helps them be protected from any requests hunting down their vulnerabilities. Linux is easier to not know what’s going on, so closing those unknowns is always a good safety measure.
@Howard, we are in control, and that is what is important. I just found out in our area there are 5 million users who are switching to Linux. I am the leader of a small group that will be introducing Linux to business, and I was selected to teach them. This is very interesting news. My first lesson will be on LVM (Logical Volume Management), as they are all businesspeople who want out of Microsoft.
How I have set up Linux this time is a result of years of experimentation, with periods of being in and out, never quite reaching the safety zone of knowing what to use. Now, I am fully aware that Linux is simply the operating system of the future.
1 Basic Computer Concepts (Folder types and files)
2 Linux Basics (Understanding Different Platforms) (Terminal commands)
3 Basic Navigation (File Navigation, filesystems) (cd directory structures)
4 File Management (Create, rename, move and delete files and directories)
5 Basic Security (Importance in security)
6 Package Management (Package Management installer apt, yum, GUI)
7 Basic Troubleshooting (common issues)
I have my presentation almost completed. If anyone wants to add to the list, I will absolutely give those credits at my meeting.
That sounds a bit advanced for Linux beginners?
How to install Linux might be useful. Most beginners trip up on installs. Installs require knowledge of disks and partitions.
They are not all at that level, storage and setup is the most important task for long term use. This needs addressing first. LVM is the only option for long-term use. Root and home users have their own pools. I also wanted to add a bit more information on how LVM is similar to Storage Spaces and dynamic disks in Windows. Here’s what I came up with:
LVM (Logical Volume Manager) is a Linux-based technology that allows you to create virtual storage devices from physical disks or disk arrays. It’s similar to Microsoft’s Storage Spaces, which allows you to create virtual storage pools from physical disks or disk arrays. In both cases, you can create multiple virtual storage devices, each with its own unique characteristics and attributes.
In LVM, you can create logical volumes that are made up of physical disks or disk arrays. You can also create snapshots of your data, which allows you to easily revert back to a previous version if something goes wrong. This is similar to dynamic disks in Windows, which allow you to create virtual storage devices from physical disks.
In both LVM and Storage Spaces, you can create multiple virtual storage devices, each with its own unique characteristics and attributes. This allows you to customize your storage configuration to meet the specific needs of your application or use case. The ones I will be introducing Linux to are the CEOs of DuPont, Altivista.
You are right, it is set up for live view; I will be using this method to set up one of their devices. I have 6 disks with 16 TB of information to transfer to the new setup. When completed they will use that computer for testing lab works. And office networking with users already set up on 3 computers.
There are 2 others that will set up the networking for each device and connection to the science lab of DuPont.
It’s good to teach them the basics to get around on the CLI, but also what is available to them. You’d need to be careful to not overwhelm them, but you’d also be knowledgeable in regards of the various activities they’re going to be doing.
For example:
If you’re going to be teaching the technical helpdesk or technical administrators, those are going to have completely different requirements than the end users.
Network administrators might not be as interested in the various office packages available, but more in the commands they need to set up and maintain the network. End users, on the other hand, might find your information on LVM completely useless - after all, that’s what a system or server administrator is for.
Basically, what I’m saying is: know your crowd. The more you know about them, the better you can fine tune your presentation to them.
What I’ve also encountered is power users in Windows thinking they can take their Windows skills 1-to-1 to Linux and then they end up falling flat on their face with a broken system. Don’t let that happen. Explain to them that Linux is very different than Windows and that they should pay attention.
Congratulations @jackfrost on your assignment. I would imagine teaching Linux concepts to a group of businessmen is quite different than teaching Linux to beginners. These business people will most likely have a Linux Admin to handle the details of Linux installation and the admin work needed to keep things running smoothly.
@ernie recently posted that he recently read where Zorin had over 1 million downloads in just over a month. So yes, there seems to be a real uptick in learning about Linux.
I am not alone with the introduction; they are very interested in the switch. I’m the one that talked to the right person, giving an Uber ride to a CEO. This is how it all started.